cgi-bin security

• Lots of gotchas with CGI-BIN programs

  • buffer overflows (maximum length checks?)
  • shell metacharacter expansion
    • what happens if you put
      `cat /etc/passwd`
      in a form field?
  • sending mail, reading files
  • redirection - allows bypassing IP address-based security

Previous slide

Next slide

Back to first slide

View graphic version